Phishing, Malware both Blamed for Hotmail Breach

Dennis Faas's picture

A security researcher claims a virus probably led to the compromising of 30,000 email passwords. However, most other sources continue to blame phishers.

The email details appeared in two lists published by a user on a legitimate website designed for developers to share code. The first list included details of 10,000 Windows Live Hotmail accounts, while the second boasted 20,000.

Mary Landesman of ScanSafe says that while investigating a piece of malicious software in August she discovered the people controlling it had around 5,000 Hotmail user names and passwords which appeared to have been gathered by the malware. She argues that a similar explanation is likely in the current cases.

Expert: Phishers Not Capable of This

According to Landesman, it's unlikely that phishing -- in which users are tricked into handing over their account details -- could produce so many results. She also believes the fact that multiple email providers are affected makes it less likely that phishing is to blame. (Source:

MS, Google Maintain Phishing Line

However, most other researchers insist it was a phishing case, as do Microsoft and Google. That theory gained extra ground with the revelation that while five of the ten most popular passwords on the list were strings of numbers (such as the most popular entry, 123456), the remaining five were all Spanish names or words. The most credible explanation for that is that scammers tricked people into revealing their details through a bogus message written in Spanish. (Source:

To add further weight to the phishing argument, of those email addresses on the list which are not genuine or operational, many differ from valid addresses by just one character. That certainly suggests people were typing in their details with a proportion inevitably making a typing error.

Experts Insist on Antivirus, Anti-Malware Protection

Whatever caused the breach, it's still best to follow basic security principles for a variety of threats: Use a firewall and antivirus software which is kept up to date. Be wary about files from unknown sources. Use a long, complex password with both letters and numbers, and change it often. And avoid using the same password for multiple sites, particularly those linked to financial accounts.

Given the publicity for the lists, it's also worth being cautious about sites offering to check whether your account was among those compromised. While it's possible some sites may be genuine attempts at help, it's much more likely they are simply ways of gathering valid email addresses. While this isn't a security risk as such, the addresses collected in this way would likely be sold in mailing lists to spammers.

Rate this article: 
No votes yet